SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Server)  >   Fetchmail Vendors:   fetchmail.berlios.de
Fetchmail NTLM Authentication Processing Flaw Lets Remote Servers Deny Service
SecurityTracker Alert ID:  1027377
SecurityTracker URL:  http://securitytracker.com/id/1027377
CVE Reference:   CVE-2012-3482   (Links to External Site)
Date:  Aug 14 2012
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.0.8 through 6.3.21
Description:   A vulnerability was reported in Fetchmail. A remote user can cause denial of service conditions in certain cases.

On systems compiled with NTLM support enabled, a remote server can returned specially crafted data in response to an NTLM authentication request to cause the target connected application to hang.

Systems running in debug mode are affected.

J. Porter Clark reported this vulnerability.

Impact:   A remote server can cause the connected application to hang, blocking incoming mail.
Solution:   The vendor has issued a source code fix. The fix will be included in version 6.3.22.

The vendor's advisory will be available at:

http://www.fetchmail.info/fetchmail-SA-2012-02.txt

Vendor URL:  www.fetchmail.info/fetchmail-SA-2012-02.txt (Links to External Site)
Cause:   Access control error, State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC